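/**
 * Decide whether the current request belongs to a logged-in member.
 *
 * The uid cookie must equal the uid stored in the session, the uname, uid and
 * wkcode cookies must all be non-empty, and, for every account except id 1,
 * the wkcode cookie must equal xmd5($uid . $uname, 3).
 *
 * @return bool true when every check passes, false otherwise
 */
protected function isLogin()
{
    $uname = cookie('uname');
    $uid = cookie('uid');
    $sid = session('uid');

    // Cookie values are client-controlled and may arrive as arrays. strcmp()
    // on a non-string returns null on PHP < 8, and `null != 0` is false, so the
    // old comparison reported a match. Require scalars and compare as strings.
    if (!is_scalar($uid) || !is_scalar($sid) || (string) $uid !== (string) $sid) {
        return false;
    }

    $wkcode = cookie('wkcode');
    if (empty($uname) || empty($wkcode)) {
        return false;
    }
    if (!is_scalar($uname) || !is_scalar($wkcode)) {
        return false;
    }

    // NOTE(review): account id 1 is exempt from the wkcode check, so for that
    // account the session comparison above is the only gate. The exemption is
    // kept because other callers may depend on it; confirm it is intended.
    if ((string) $uid === '1') {
        return true;
    }

    // Strict string comparison: a loose `!=` between two digest strings can
    // treat numeric-looking values (for example "0e..." forms) as equal.
    // NOTE(review): wkcode is derived only from the uid and uname cookies; how
    // hard it is to reproduce depends on xmd5(), which is defined outside this
    // view. The session comparison is what binds the request to a real login.
    return (string) $wkcode === (string) xmd5($uid . $uname, 3);
}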
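/**
 * Apply the administrator edit form: store the posted name and a new password hash.
 *
 * Reads `id`, `username` and `password` from $_POST, saves them to the `admin`
 * table and, for account id 1, writes the same credentials to the `member`
 * table. Ends by calling success() with U('Admin/index') as the follow-up URL.
 *
 * NOTE(review): no permission or CSRF check is visible inside this method;
 * presumably the controller enforces one elsewhere - confirm.
 */
public function doedit()
{
    // Only scalar request values are accepted. An array cast to int becomes 1,
    // which would silently select the super administrator record.
    $id = (isset($_POST['id']) && is_scalar($_POST['id'])) ? (int) $_POST['id'] : 0;
    $name = (isset($_POST['username']) && is_scalar($_POST['username'])) ? trim($_POST['username']) : '';
    $password = (isset($_POST['password']) && is_scalar($_POST['password'])) ? trim($_POST['password']) : '';

    if ($id <= 0) {
        $this->error('参数错误!');
        return;
    }

    $model = M('admin');
    $data['name'] = $name;
    $data['id'] = $id;
    // NOTE(review): an empty password is hashed and stored like any other
    // value; consider rejecting it or leaving the stored hash untouched.
    $data['password'] = xmd5($password);

    // Mirror the default administrator account (id 1) into the member table.
    if ($id === 1) {
        $map['id'] = $data['id'];
        $map['password'] = $data['password'];
        $map['username'] = $data['name'];
        $member = M('member');
        $member->save($map);
    }

    $model->save($data);

    // The message shows the trimmed value, i.e. the one that was actually
    // hashed, and HTML-escapes it because it is request input going into a page.
    // NOTE(review): printing the new password back is itself worth revisiting.
    $shown = htmlspecialchars($password, ENT_QUOTES, 'UTF-8');
    $this->success('操作成功! 新密码:' . $shown, U('Admin/index'));
}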
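/**
 * Change the logged-in member's password.
 *
 * Flow: require a login, check the captcha unless SOFT_VERIFY is 1, load the
 * member row for the uid cookie, verify that the two new-password fields
 * match, refuse account id 1, verify the old password, store the new hash,
 * clear the login cookies and send the user to the login page.
 *
 * NOTE(review): the account is selected by the uid cookie. USER_LOGINED is
 * defined outside this view; presumably it already ties that cookie to the
 * session - confirm.
 */
public function dorepassword()
{
    if (!USER_LOGINED) {
        jump(U('Public/login'));
        return; // defensive: do not continue if jump() does not terminate
    }

    if (C('SOFT_VERIFY') != 1) {
        $expected = isset($_SESSION['verify']) ? $_SESSION['verify'] : '';
        $given = isset($_POST['verify']) ? $_POST['verify'] : '';
        // A missing session value and a missing form value used to compare as
        // equal (both empty), so an empty expected code is treated as a failure.
        if (!is_scalar($expected) || !is_scalar($given)
            || (string) $expected === ''
            || strtolower((string) $expected) !== strtolower((string) $given)) {
            $this->error('验证码错误!');
        }
    }

    $uid = cookie('uid');
    if (!is_scalar($uid)) {
        // Non-scalar cookie values must not reach the query condition.
        jump(U('Public/login'));
        return;
    }
    $map['id'] = $uid;

    $model = M('member');
    $list = $model->field('password')->where($map)->find();
    if (!$list) {
        jump(U('Public/login'));
        return;
    }

    $repassword = $this->_post('repassword', false);
    $password = $this->_post('password', false);
    // strcmp() returns null for non-string input on PHP < 8 and `null != 0` is
    // false, so the old check accepted arrays. Compare strings strictly.
    if (!is_string($password) || !is_string($repassword) || $password !== $repassword) {
        $this->error('确认密码与密码不一致!');
    }

    // Integer cast keeps the guard aligned with how the database coerces the
    // id value, independent of the PHP version's loose-comparison rules.
    if ((int) $map['id'] === 1) {
        $this->error('尊贵的超级管理员,请登录管理后台修改帐户密码信息!');
    }

    $oldpassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : null;
    if (!is_string($oldpassword)
        || (string) xmd5(trim($oldpassword)) !== (string) $list['password']) {
        $this->error('原始密码不正确!');
    }

    // The old password is trimmed before hashing (above); the new one must be
    // trimmed the same way, otherwise a password with surrounding whitespace
    // is stored in a form that a trimmed login attempt can never match.
    $map['password'] = xmd5(trim($repassword));
    $model->save($map);

    // Drop the login cookies so the user has to sign in again.
    // NOTE(review): the session uid is not cleared here - confirm whether the
    // session should be reset as well.
    cookie('uid', null);
    cookie('uname', null);
    cookie('wkcode', null);
    $this->success('操作成功,请重新登陆!', U('Public/login'));
}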
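/**
 * Remove a user's record from the flat file that belongs to a scope.
 *
 * The file name is xmd5($scope). Each line is a comma-separated record; a
 * record is dropped when field 0 equals $usermail and field 2 equals the
 * credential passed as the third argument. Remaining records are written back.
 *
 * NOTE(review): the original compared field 2 with an undefined variable
 * `$session` and never used `$password`. The third argument is assumed to be
 * the intended credential - confirm against the record layout and the callers.
 *
 * @param string $scope    scope name; hashed to obtain the file name
 * @param string $usermail value matched against field 0 of each record
 * @param string $password value matched against field 2 of each record
 * @return void
 */
function user_delete($scope, $usermail, $password)
{
    $nomefile = xmd5($scope);

    // Read first and bail out if that fails. The original opened the file in
    // "wb" mode before checking the read, which emptied it on a failed read.
    if (!is_file($nomefile) || !is_readable($nomefile)) {
        return;
    }
    $utenti = file($nomefile, FILE_IGNORE_NEW_LINES);
    if ($utenti === false) {
        return;
    }

    $rimasti = array();
    foreach ($utenti as $riga) {
        if ($riga === '') {
            continue; // skip blank lines instead of copying them
        }
        $datiutente = explode(',', $riga);
        $credenziale = isset($datiutente[2]) ? $datiutente[2] : null;
        if ($datiutente[0] === (string) $usermail && $credenziale === (string) $password) {
            continue; // this is the record to delete
        }
        $rimasti[] = $riga;
    }

    // One newline per record (the original appended a second newline to lines
    // that still carried their own), written under an exclusive lock.
    $contenuto = $rimasti ? implode("\n", $rimasti) . "\n" : '';
    file_put_contents($nomefile, $contenuto, LOCK_EX);
}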
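/**
 * Receive a file upload and store it under a directory named by the request.
 *
 * The request must carry `uploadify` equal to xmd5(C('COOKIE_PREFIX')). The
 * target directory comes from the `dirname` query parameter, relative to the
 * current working directory, and the file keeps its original name. Prints 1
 * on success and 0 on any failure.
 *
 * NOTE(review): the expected token is derived from a configuration value, so
 * it is identical for every user and request; confirm that a session or
 * permission check runs before this action is reached.
 * NOTE(review): no extension allow-list is applied and existing files are
 * overwritten (uploadReplace). If the target is web-served, restrict the
 * accepted extensions - check what the project's UploadFile class offers.
 */
public function doupload()
{
    $token = isset($_POST['uploadify']) ? $_POST['uploadify'] : null;
    // Strict string comparison; a loose `!=` can equate numeric-looking digests.
    if (!is_string($token) || $token !== (string) xmd5(C('COOKIE_PREFIX'))) {
        echo 0;
        die;
    }

    $dirname = isset($_GET['dirname']) ? $_GET['dirname'] : '';
    if (!is_string($dirname) || strpos($dirname, "\0") !== false) {
        echo 0;
        die;
    }
    // Refuse parent-directory segments so the save path stays below './'.
    foreach (explode('/', str_replace('\\', '/', $dirname)) as $segment) {
        if ($segment === '..') {
            echo 0;
            die;
        }
    }
    $savePath = empty($dirname) ? './' : './' . trim($dirname, '/') . '/';

    // Take the original file name, reduced to its last path component.
    if (!isset($_FILES['file_upload']['name']) || !is_string($_FILES['file_upload']['name'])) {
        echo 0;
        die;
    }
    $filename = basename(str_replace('\\', '/', $_FILES['file_upload']['name']));
    if ($filename === '' || $filename === '.' || $filename === '..') {
        echo 0;
        die;
    }

    import('ORG.UploadFile');
    $upload = new UploadFile();
    $upload->savePath = $savePath;
    $upload->saveRule = $filename;
    $upload->uploadReplace = true;

    if ($upload->upload()) {
        echo 1;
    } else {
        echo 0;
    }
}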
// Tail of a helper whose signature lies outside this view (presumably xmd5()):
// it returns the md5 of the reversed md5 hex digest of $key. No secret is
// mixed in, so anyone who knows $key can compute the same value.
return md5(strrev(md5($key))); }

// Remote service asked to verify the caller's session.
// NOTE(review): plain http - the usermail/session values travel unencrypted.
$service = "http://verticaldev.altervista.org/minimo/services/auth/index.php";
$usermail = $_GET['usermail'];
$session = $_GET['session'];
$scope = $_GET['scope'];
// NOTE(review): the three request values are concatenated into the query string
// without urlencode(), so a value containing '&' or '=' changes which
// parameters the service receives.
$response = file($service . "?op=verify&scope=" . $scope . "&usermail=" . $usermail . "&session=" . $session);
// file() returns an array of lines, or false on failure. `== true` therefore
// holds for any non-empty response and the body is never inspected.
// NOTE(review): confirm that the service answers a failed verification with an
// empty body; otherwise a denial is accepted as success here.
if ($response == true) {
    // Path of this script up to "index.php".
    $basepath = substr($_SERVER['PHP_SELF'], 0, strpos($_SERVER['PHP_SELF'], "index.php"));
    $storage = @$_GET['storage'];
    // Storage directory name is the hash of the requested storage name,
    // relative to the current working directory; created on first use.
    $storagedir = xmd5($storage);
    if (file_exists($storagedir) == false) {
        mkdir($storagedir, 0775);
    }
    $op = @$_GET['op'];
    // op=save: print an upload form that posts back to this script.
    // NOTE(review): $storage is request input written into the HTML attribute
    // without htmlspecialchars().
    if ($op == 'save') {
        echo "\n\t\t<form action='{$basepath}/index.php?op=upload&storage={$storage}' method='post' enctype='multipart/form-data'>\n\t\t<input name='file' type='file' size='30%'>\n\t\t<input type='submit' >\n\t\t</form>\n\t\t\n\t\t";
    }
    // op=upload: move the upload into the storage directory under its original
    // name, chmod it to 0775, then rename it to the hash of that name.
    // NOTE(review): the client-supplied name is used unsanitised for the
    // intermediate path, the file briefly exists under that name with the
    // execute bit set, and no type or size limit is applied. Moving straight to
    // the hashed name with a non-executable mode would close that window.
    if ($op == 'upload') {
        if (move_uploaded_file($_FILES['file']['tmp_name'], $storagedir . "/" . $_FILES['file']['name'])) {
            chmod($storagedir . "/" . $_FILES['file']['name'], 0775);
            rename($storagedir . "/" . $_FILES['file']['name'], $storagedir . "/" . xmd5($_FILES['file']['name']));
        }
    }
    // op=url: print the public URL of a stored file if it exists.
    // NOTE(review): HTTP_HOST comes from the request's Host header.
    if ($op == 'url') {
        $filename = xmd5($_GET['filename']);
        if (file_exists($storagedir . "/" . $filename)) {
            echo "http://" . $_SERVER['HTTP_HOST'] . $basepath . $storagedir . "/" . $filename;
        }
    }
}
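// Upload endpoint prologue: start the session, load the configuration,
// authenticate the caller, then set up the upload paths and limits.
session_start();
define('THINK_PATH', true);
$config = (include '../../../Config/config.ini.php');
require_once 'JSON.php';

$uname = cookie('uname');
$uid = cookie('uid');
$cmsauth = isset($_SESSION['cmsauth']) ? $_SESSION['cmsauth'] : null;

// Cookies are client-controlled and may be arrays; only scalars are hashed.
$cookiesValid = is_scalar($uname) && is_scalar($uid);
$nowauth = $cookiesValid ? substr(md5(strrev($uname) . 'waikucms' . $uid), 0, 10) : '';

// Exactly one of the two checks always runs. Previously the administrator
// check was skipped whenever `userup` was present while the member check ran
// only for the value 1, so a request could pass with neither check applied.
$isMemberUpload = isset($_GET['userup']) && is_scalar($_GET['userup']) && (string) $_GET['userup'] === '1';

if ($isMemberUpload) {
    // Ordinary member.
    // NOTE(review): this path relies on cookie values only; how hard wkcode is
    // to reproduce depends on xmd5(), defined outside this view. Consider
    // binding it to the session as the administrator path does.
    $wkcode = cookie('wkcode');
    if (!$cookiesValid || !is_scalar($wkcode)
        || (string) $wkcode !== (string) xmd5($uid . $uname, 3)) {
        alert('会员身份信息认证失败!请重新登陆!');
    }
} else {
    // Administrator: the session token must match the value derived from the cookies.
    if (!$cookiesValid || !is_string($cmsauth) || $cmsauth !== $nowauth) {
        alert('管理员身份信息认证失败!请重新登陆!');
    }
}
// NOTE(review): the code below assumes alert() stops the script - confirm.

$php_path = dirname(__FILE__) . '/';
$php_url = dirname($_SERVER['PHP_SELF']) . '/';
// Directory where uploaded files are saved.
$save_path = $php_path . '../../../Uploads/';
// URL of the upload directory.
$save_url = $php_url . '../../../Uploads/';
// File extensions accepted for each upload category.
$ext_arr = array(
    'image' => array('gif', 'jpg', 'jpeg', 'png', 'bmp'),
    'flash' => array('swf', 'flv'),
    'media' => array('swf', 'flv', 'mp3', 'wav', 'wma', 'wmv', 'mid', 'avi', 'mpg', 'asf', 'rm', 'rmvb'),
    'file' => array('doc', 'docx', 'xls', 'xlsx', 'ppt', 'txt', 'zip', 'rar', 'gz', 'bz2', 'swf', 'flv', 'mp3'),
);
// Maximum file size in bytes.
$max_size = 50000000;
$save_path = realpath($save_path) . '/';
// PHP upload failure (handling continues beyond this excerpt)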
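/**
 * Save an edited member record.
 *
 * Collects the listed fields via getdata(), verifies that the member exists
 * and that the requested username is not taken by someone else, keeps the
 * stored password hash when no new password was submitted, falls back to the
 * default avatar, saves the row and refreshes the member's rank.
 *
 * NOTE(review): passwords are stored as xmd5() output; xmd5() is defined
 * outside this view. If it is an unsalted MD5 derivative, as the name
 * suggests, plan a migration to password_hash() - confirm.
 */
public function doedit()
{
    $map = $this->getdata('id,username,password,sex,birthday,status,city,province,money,email,qq,rankid,avtar');
    $model = M('member');

    $list = $model->where(array('id' => $map['id']))->find();
    if (!$list) {
        $this->error('查询不到数据,请检查!');
    }

    // Username uniqueness. Strict string comparison: with a loose `!=`, two
    // different numeric-looking names (for example "10" and "1e1") compare as
    // equal and the clash would go unreported.
    $list2 = $model->where(array('username' => $map['username']))->find();
    if ($list2 && (string) $list2['username'] !== (string) $list['username']) {
        $this->error('当前用户名已被注册使用!');
    }

    // An empty password field means "keep the current hash".
    if (empty($map['password'])) {
        $map['password'] = $list['password'];
    } else {
        $map['password'] = xmd5($map['password']);
    }

    if (empty($map['avtar'])) {
        $map['avtar'] = __ROOT__ . '/Public/User/img/avtar_big.jpg';
    }

    $model->save($map);
    // Points may have changed, so recompute the member's rank.
    $this->doupdaterank($list['id']);
}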
// Installer fragment: write site settings, create the first administrator and
// member, store the "safe password" hash, then optionally load the demo data.
// The excerpt starts and ends in the middle of the script.
// NOTE(review): mysql_* functions were removed in PHP 7; this only runs on PHP 5.

// Update configuration rows.
// NOTE(review): the $cfg_* values are interpolated directly into the SQL text.
// Escaping is not visible in this excerpt - confirm it happens earlier, or
// switch to prepared statements.
$cquery = "Update `{$dbprefix}config` set value='{$cfg_webname}' where id=4;";
mysql_query($cquery, $conn);
$cquery = "Update `{$dbprefix}config` set value='{$cfg_basehost}' where id=1;";
mysql_query($cquery, $conn);
$cquery = "Update `{$dbprefix}config` set value='{$cfg_cmspath}' where id=22;";
mysql_query($cquery, $conn);
$cquery = "Update `{$dbprefix}config` set value='{$cfg_cmspath}' where id=2;";
mysql_query($cquery, $conn);

// Create the administrator account (id 1) and the matching member row.
// NOTE(review): $adminuser is interpolated into both statements unescaped, as
// far as this excerpt shows. The member row also carries literal values that
// are identical on every installation, including the activekey.
$adminquery = "INSERT INTO `{$dbprefix}admin` (`id`, `name`, `password`, `logintime`, `loginip`, `status`) VALUES\n(1, '{$adminuser}', '" . xmd5($adminpwd) . "', " . time() . ", '127.0.0.1', '超级');";
$adminquery2 = "INSERT INTO `{$dbprefix}member` (`id`, `username`, `password`, `email`, `status`, `activekey`, `logintime`, `regtime`, `loginip`, `money`, `rankid`, `sex`, `province`, `city`, `qq`, `birthday`, `avtar`) VALUES\n(1, '{$adminuser}', '" . xmd5($adminpwd) . "', '*****@*****.**', 0, 'de90979d72b0d3b2cf4b3ccc0a3a632c', " . time() . ", " . time() . ", '127.0.0.1', 0, 23, 1, '山东', '济南', '634150845', '1988-01-23', '');";
mysql_query($adminquery, $conn);
mysql_query($adminquery2, $conn);

// Safe-password setup: fall back to the administrator password when no
// separate value was entered, and write the hash into a PHP file that returns it.
// NOTE(review): the value placed inside the quoted PHP literal is always an
// xmd5() result; presumably a hex digest, so it cannot close the quote -
// confirm xmd5()'s output alphabet.
$safeadminpwd = empty($safeadminpwd) ? xmd5($adminpwd) : xmd5($safeadminpwd);
File::write_file('../Admin/Common/safeauth.php', "<?php\treturn '{$safeadminpwd}';?>");

// Install the demo data: read sql-dfdemo.txt line by line and run each
// accumulated statement once a line ends with ';'.
if ($installdemo == 1) {
    $query = '';
    $fp = fopen(dirname(__FILE__) . '/sql-dfdemo.txt', 'r');
    while (!feof($fp)) {
        $line = rtrim(fgets($fp, 1024));
        if (preg_match("#;\$#", $line)) {
            $query .= $line;
            // Replace the table-prefix placeholder with the configured prefix.
            $query = str_replace('#@__', $dbprefix, $query);
            if ($mysqlVersion < 4.1) {
                $rs = mysql_query($query, $conn);
            } else {
                // From MySQL 4.1 on, the charset placeholder is substituted too.
                $rs = mysql_query(str_replace('#~lang~#', $dblang, $query), $conn);
            }
            // (excerpt ends here; the enclosing blocks are closed outside this view)
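/**
 * Handle the member login form.
 *
 * Checks the captcha unless SOFT_VERIFY is 1, looks the member up by
 * username, verifies the password hash, records the login time and IP, sets
 * the uid/uname/wkcode cookies plus the session uid, and reports success with
 * a follow-up URL.
 *
 * NOTE(review): "unknown user" and "wrong password" produce different
 * messages, which reveals which usernames exist; consider a single message.
 * NOTE(review): the session id is not regenerated after a successful login -
 * confirm whether the framework does this elsewhere.
 */
public function dologin()
{
    if (C('SOFT_VERIFY') != 1) {
        $expected = isset($_SESSION['verify']) ? $_SESSION['verify'] : '';
        $given = isset($_POST['verify']) ? $_POST['verify'] : '';
        // A missing session value and a missing form value used to compare as
        // equal (both empty), so an empty expected code is treated as a failure.
        if (!is_scalar($expected) || !is_scalar($given)
            || (string) $expected === ''
            || strtolower((string) $expected) !== strtolower((string) $given)) {
            $this->error('验证码错误!');
        }
    }

    // Only plain strings may reach the query condition and the hash function.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';

    $map['username'] = $username;
    $model = M('member');
    $list = $model->where($map)->find();
    if (!$list) {
        $this->error('用户信息不存在!');
    }

    $map['password'] = $password;
    if ((string) xmd5($map['password']) !== (string) $list['password']) {
        $this->error('密码不正确!');
    }

    // Record the login time and client IP (patch 2013-4-12 21:50:43).
    $model->where('id=' . $list['id'])->setField(array('logintime' => time(), 'loginip' => get_client_ip()));

    // Refresh the login cookies and the session uid.
    cookie('uid', $list['id'], time() + 3600);
    session('uid', $list['id']);
    cookie('uname', $list['username'], time() + 3600);
    cookie('wkcode', xmd5($list['id'] . $list['username'], 3));

    // The follow-up URL comes from the form, so it is honoured only when it
    // stays on this site: a local absolute path, or an http(s) URL whose host
    // matches the current Host header. Anything else falls back to the default.
    $url = U('Index/myfile');
    $fromurl = isset($_POST['fromurl']) ? $_POST['fromurl'] : '';
    if (is_string($fromurl) && $fromurl !== '' && strpbrk($fromurl, "\\\r\n\t") === false) {
        $isLocalPath = $fromurl[0] === '/' && (strlen($fromurl) === 1 || $fromurl[1] !== '/');

        $sameHost = false;
        $parts = parse_url($fromurl);
        if (is_array($parts)
            && isset($parts['scheme'], $parts['host'], $_SERVER['HTTP_HOST'])
            && !isset($parts['user'])
            && in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
            $hostPort = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
            $sameHost = strcasecmp($hostPort, $_SERVER['HTTP_HOST']) === 0;
        }

        if ($isLocalPath || $sameHost) {
            $url = $fromurl;
        }
    }

    $this->success('登陆成功!', $url);
}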